While searching for how to secure WCF, I stumbled upon this article:

SSL with Self-hosted WCF

This is a very helpful tool for developers like us: it lets us implement SSL without buying a certificate from a trusted Certificate Authority during the development stage of a product.

However, this self-signed certificate can also be used in production… until such time as the client can afford, or is able, to buy a trusted certificate of his/her own.

But what if the client does not want to buy a trusted certificate? Is the self-signed certificate good enough for its purpose?

Well, as long as the encryption strength used is the same, a self-signed certificate and a trusted certificate are equivalent when the certificate is primarily used for securing the communication.
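
With a self-signed certificate nothing vouches for the server's identity, so the client has to check that it received that exact certificate. The sketch below is an added example, not code from this post or from the linked article; it assumes a .NET Framework WCF client using HTTPS transport security, and the `SelfSignedPinning` class and the fingerprint placeholder are hypothetical names.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SelfSignedPinning
{
    // Placeholder: SHA-256 fingerprint (hex, no separators) of the service's
    // self-signed certificate, obtained out of band from whoever runs the host.
    const string PinnedSha256 = "<SHA256-FINGERPRINT-OF-THE-SERVICE-CERTIFICATE>";

    // Accept the server certificate if it validates normally, or if the only
    // problem is an untrusted chain AND it is exactly the pinned certificate.
    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;                      // CA-issued and valid
        if (cert == null)
            return false;                     // server presented no certificate
        // A host-name mismatch or a missing certificate is never tolerated;
        // only the "untrusted root" error expected from a self-signed cert is.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(cert.GetRawCertData());
            string actual = BitConverter.ToString(digest).Replace("-", "");
            return string.Equals(actual, PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    // Call once at client start-up, before opening the WCF channel.
    // The callback is process-wide: it applies to every HTTPS request
    // made through ServicePointManager in this process.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

A callback that simply returns `true` would silence the same certificate error, but it would also accept any certificate presented by anyone positioned between client and server; the pin has to be updated whenever the service certificate is reissued.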